Hasso-Plattner-Institut
  
    • de
 

New Security Challenges

In a Service-oriented Architecture a multiple of inde­pen­dent applications are acting together seamlessly - increasing the vulnerability of the whole system exponentially compared to monolithic applications. As companies around the world move from an isolated IT-infrastructure to open systems based on the SOA paradigm, strong security concepts are a pre-requisite to prevent jeopardizing a company’s knowledge and assets. Well-defined security goals as authentication and ­authorisation, confidentiality and integrity as well as monitoring and audi­ting need to be reconsidered under the changed conditions in order to face the new security risks successfully.

Facets of SOA-Security

Security in Service-oriented Architectures is not only a tech­ni­cal issue, but a business requirement, which needs to be considered on all levels within an enterprise - reaching from the basic network infrastructure to the business contracts between a company and its partners, customers, and employees.  To read more, click here.

Layers of SOA Security

Research Topics

Getting from abstract security requirements to a secure SOA is the challenge in the area of model-driven security. To facilitate a consistent security configuration of multiple systems in an SOA, dependencies and contradictions between different requirements need to be taken into consideration. Therefore at the HPI, a conceptional security model has been developed that enables the description of security policies as a set of abstract security intentions, which can be translated automatically into concrete security policies (e.g. WS-Policy).

  • Trust Management

Connecting computers on a technical layer across networks  is not sufficient to establish an online collaboration between business partners. One of the key ingredients for successful cooperations is creating trust between two unrelated parties in order to carry out sensitive transactions. At the HPI, innovative methods to establish, maintain and describe trust (e.g. using reputation systems, or by a quantitative representation) are in the scope of our research.

As soon as a service exposes confidential or personal information, the identity of the requestor is of major importance to restrict access only to legitimate users. In order to make the identity available to all services in an SOA, federated identity management emerged as a new identity model to enable the propagation of identity information to all services especially when these are located in different trust domains. The management and establishment of these federations under consideration of strong security requirements is one of the main research topics at the HPI. One of our pilot projects in this area is the HPI Identity Provider which allows HPI members to use an OpenID to authenticate with all Web Sites that support  OpenID.

SOA Security Team

Selected Publications

  • Michael Menzel, Robert Warschofsky, Ivonne Thomas, Christian Willems, Christoph Meinel: The Service Security Lab: A Model-Driven Platform to Compose and Explore Service Security in the Cloud. Proceedings of the 2010 IEEE World Congress on Services (Services 2010), pp.115-122, (Miami, USA, Juli 2010).
  • Michael Menzel, Robert Warschofsky, Christoph Meinel: A Pattern-Driven Generation of Security Policies for Service-Oriented Architectures. Proceedings of the 2010 IEEE International Conference on Web Services (ICWS 2010), pp.243-250, (Miami, USA, Juli 2010).
  • Michael Menzel, Christoph Meinel: SecureSOA - Modelling Security Requirements for Service-oriented Architectures. Proceedings of the 2010 IEEE International Conference on Services Computing (SCC 2010), pp.146-153, Miami, USA, Juli 2010.
  • Ivonne Thomas, Christoph Meinel: Enhancing Claim-Based Identity Management by Adding a Credibility Level to the Notion of Claims. Proceedings of the IEEE Conference on Service Computing (SCC 2009), Bangalore, India, September 2009.
  • Michael Menzel, Christoph Meinel: A Security Meta-Model for Service-Oriented Architectures. Proceedings of the IEEE Conference on Service Computing (SCC 2009), Bangalore, India, September 2009. 
  • Rehab Alnemr, Justus Bross, Christoph Meinel: "Constructing a Context-aware Service-Oriented Reputation Model using Attention Allocation Points",IEEE SCC 2009, International Conference on Services Computing, september 2009, Bangalore, India.
  • Rehab Alnemr, Matthias Quasthoff, Christoph Meinel: "Taking Trust Management to the Next Level", Book chapter in Handbook of Research on P2P and Grid Systems for Service-Oriented Computing: Models, Methodologies and Applications,IGI Global, Hershey, 2009.
  • Rehab Alnemr, Christoph Meinel: Getting more from Reputation Systems: A Context-aware Reputation Framework based on Trust Centers and Agent Lists, The Third International Multi-Conference on Computing in the Global Information Technology, Greece, July 2008.
  • Michael Menzel, Christian Wolter, Christoph Meinel
    Towards the Aggregation of Security Requirements in Cross-Organisational Service Compositions. Proc. 11th BIS, Springer LNCS, Innsbruck, Austria, May 2008, ISBN:978-3-540-79396-3

       more

Other Links

... to our Research
              Security Engineering - Learning & Knowledge Tech - Design Thinking - former
... to our Teaching
              Tele-Lectures - MOOCs - Labs - Systems 
... to our Publications
              Books - Journals - Conference-Papers - Patents
... and to our Annual Reports.